
Location Privacy-Preserving Mobile Crowd Sensing with Anonymous Reputation

Part of the Lecture Notes in Computer Science book series (LNCS, volume 11736)

Abstract

In this paper, we give a location privacy-preserving solution for the mobile crowd sensing (MCS) system. The solution uses the blind signature technique for anonymous authentication and allows a mobile user to participate in the MCS a certain number of times, set at registration. Furthermore, we introduce the concept of anonymous reputation for mobile users, also on the basis of the blind signature technique. An anonymous reputation can be referred to by the MCS platform when assigning tasks to a mobile user and can be upgraded or downgraded by the MCS platform, depending on the quality of the reports submitted by the mobile user. For the security analysis, we provide security proofs for our solution on the basis of our formal definitions of anonymity, unlinkability and unforgeability for MCS. The performance analysis and experiments show that our solution is more efficient than existing solutions for MCS based on the blind signature technique.

Keywords

  • Mobile crowd sensing
  • Location privacy protection
  • Anonymity
  • Blind signature
  • Reputation


Notes

  1. https://en.wikipedia.org/wiki/Dual_SIM.

  2. Note that we will use Server to denote our MCS platform when focusing our comparisons on registration and authentication.

  3. https://gmplib.org/.

  4. We adopt the suggested setting of \(\kappa _{1}\), \(\kappa _{2}\), and \(\kappa _{3}\) in [4] and [6].

References

  1. Abe, M., Fujisaki, E.: How to date blind signatures. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 244–251. Springer, Heidelberg (1996). https://doi.org/10.1007/BFb0034851


  2. Bellavista, P., Corradi, A., Foschini, L., Ianniello, R.: Scalable and cost-effective assignment of mobile crowdsensing tasks based on profiling trends and prediction: the participact living lab experience. Sensors 15(8), 18613–18640 (2015)


  3. Blanton, M.: Online subscriptions with anonymous access. In: Proceedings of ASIACCS 2008, pp. 217–227 (2008)


  4. Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_31


  5. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of 11th ACM Conference on Computer and Communication Security, pp. 132–145 (2004)


  6. Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052252


  7. Chan, A., Frankel, Y., Tsiounis, Y.: Easy come — easy go divisible cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054154


  8. Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, Boston, MA (1983). https://doi.org/10.1007/978-1-4757-0602-4_18


  9. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22


  10. Christin, D.: Privacy in mobile participatory sensing: current trends and future challenges. J. Syst. Softw. 116, 57–68 (2016)


  11. Cormode, G., Procopiuc, C., Srivastava, D., Shen, E., Yu, T.: Differentially private spatial decompositions. In: Proceedings of ICDE 2012, pp. 20–31 (2012)


  12. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Berlin (2002). https://doi.org/10.1007/978-3-662-04722-4


  13. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1


  14. Ganti, R.K., Ye, F., Lei, H.: Mobile crowdsensing: current state and future challenges. IEEE Commun. Mag. 49(11), 32–39 (2011)


  15. Guo, B., Calabrese, F., Miluzzo, E., Musolesi, M.: Mobile crowd sensing: part 1. IEEE Commun. Mag. 52(8), 20–21 (2014)


  16. Guo, B., Calabrese, F., Miluzzo, E., Musolesi, M.: Mobile crowd sensing: part 2. IEEE Commun. Mag. 52(10), 76–77 (2014)


  17. Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052233


  18. Kantarci, B., Glasser, P.M., Foschini, L.: Crowdsensing with social network-aided collaborative trust scores. In: Proceedings of IEEE Global Communication Conference (GLOBECOM), pp. 1–6 (2015)


  19. Kantarci, B., Carr, K.G., Pearsall, C.D.: SONATA: social network assisted trustworthiness assurance in smart city crowdsensing. Int. J. Distrib. Syst. Technol. 7(1), 59–78 (2016)


  20. Kapadia, A., Triandopoulos, N., Cornelius, C., Peebles, D., Kotz, D.: AnonySense: opportunistic and privacy-preserving context collection. In: Proceedings of 6th International Conference on Mobile System, Applications and Services (MobiSys), pp. 280–297 (2008)


  21. Konidala, D.M., Deng, R.H., Li, Y., Lau, H.C., Fienberg, S.E.: Anonymous authentication of visitors for mobile crowd sensing at amusement parks. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 174–188. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38033-4_13


  22. Lynn, B.: On the implementation of pairing-based cryptosystems. Stanford University (2007)


  23. Navas, J.C., Imielinski, T.: GeoCast - geographic addressing and routing. In: Proceedings of ACM International Conference on Mobile Computing and Networking, pp. 66–76 (1997)


  24. Pouryazdan, M., Kantarci, B., Soyata, T., Song, H.: Anchor-assisted and vote-based trustworthiness assurance in smart city crowdsensing. IEEE Access 4, 529–541 (2016)


  25. Pouryazdan, M., Kantarci, B., Soyata, T., Foschini, L., Song, H.: Quantifying user reputation scores, data trustworthiness, and user incentives in mobile crowd-sensing. IEEE Access 5, 1382–1397 (2017)


  26. Ramzan, Z., Ruhl, M.: Protocols for anonymous subscription services (2000). (Unpublished Manuscript)


  27. Ren, J., Zhang, Y., Zhang, K., Shen, X.S.: SACRM: social aware crowdsourcing with reputation management in mobile sensing. Comput. Commun. 65, 55–65 (2015)


  28. Shina, M., Cornelius, C., Peebles, D., Kapadia, A., Kotz, D., Triandopoulos, N.: AnonySense: a system for anonymous opportunistic sensing. Pervasive Mobile Comput. 7, 16–30 (2011)


  29. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl.-Based Syst. 10, 557–570 (2002)


  30. To, H., Ghinita, G., Shahabi, C.: A framework for protecting worker location privacy in spatial crowdsourcing. In: Proceedings of VLDB 2014, pp. 919–930 (2014)


  31. Vergara-Laurens, I.J., Jaimes, L.G., Labrador, M.A.: Privacy-preserving mechanisms for crowdsensing: survey and research challenges. IEEE IoT J. 4(4), 855–869 (2017)


  32. Wang, X., Liu, Z., Tian, X., Gan, X., Guan, Y., Wang, X.: Incentivizing crowdsensing with location-privacy preserving. IEEE Trans. Wirel. Commun. 16(10), 6940–6952 (2017)


Acknowledgements

This research is supported by the National Research Foundation, Prime Minister’s Office, Singapore under its Strategic Capability Research Centres Funding Initiative, and Australian Research Council (ARC) Discovery Projects DP160100913 & DP180103251.

Author information


Corresponding author

Correspondence to Xun Yi.


Appendix: Security Analysis


The proposed LPP protocol is based on the blind signature scheme. According to [17], a blind digital signature scheme is secure if for all probabilistic polynomial-time (PPT) algorithms \(\mathcal {A}\), the following two considerations hold.

Blindness Property: Let b be a random bit which is kept secret from \(\mathcal {A}\). \(\mathcal {A}\) executes the following experiment (where \(\mathcal {A}\) controls the signer, but not the user, and tries to predict b):

  • Step 1: \((pk,sk)\leftarrow \mathsf {Gen}(1^k)\)

  • Step 2: \((m_0, m_1)\leftarrow \mathcal {A}(1^k,pk,sk)\) (i.e. \(\mathcal {A}\) produces two documents, where (\(m_0, m_1\)) are by convention lexicographically ordered and may even depend on pk and sk).

  • Step 3: We denote by (\(m_b, m_{1-b}\)) the same two documents (\(m_0, m_1\)), ordered according to the value of bit b, where the value of b is hidden from \(\mathcal {A}\). \(\mathcal {A}(1^k,pk,sk,m_0, m_1)\) engages in two parallel (and arbitrarily interleaved) interactive protocols, the first with \(User(pk,m_b)\) and the second with \(User(pk,m_{1-b})\).

  • Step 4: If the first user outputs on his private tape \(\sigma (m_b)\) (i.e., does not output fail) and the second user outputs on his private tape \(\sigma (m_{1-b})\) (i.e., also does not output fail) then \(\mathcal {A}\) is given as an additional input (\(\sigma (m_b), \sigma (m_{1-b})\)) ordered according to the corresponding (\(m_0, m_1\)) order. (We remark that we do not insist that this happens, and either one or both users may output fail).

  • Step 5: \(\mathcal {A}\) outputs a bit \(b'\) (given his view of steps 1 through 3, and if conditions are satisfied, of step 4 as well).

    Then the probability, taken over the choice of b, the coin-flips of the key-generation algorithm, the coin-flips of \(\mathcal {A}\), and the (private) coin-flips of both users (from step 3), that \(b'=b\) is negligibly close to 1/2.

Unforgeability Property: \(\mathcal {A}\) executes the following experiment (where \(\mathcal {A}\) controls the user, but not the signer, and tries to get one more signature):

  • Step 1: \((pk,sk)\leftarrow \mathsf {Gen}(1^k)\)

  • Step 2: \(\mathcal {A}(pk)\) engages in polynomially many (in k) adaptive, parallel and arbitrarily interleaved interactive protocols with polynomially many copies of \(\mathsf {Signer}(pk, sk)\), where \(\mathcal {A}\) decides in an adaptive fashion when to stop. Let \(\ell \) denote the number of executions in which the signer output completed by the end of Step 2.

  • Step 3: \(\mathcal {A}\) outputs a collection \(\{(m_1, \sigma (m_1)), (m_2, \sigma (m_2)),\cdots , (m_j,\sigma (m_j))\}\) subject to the constraint that all (\(m_i, \sigma (m_i)\)) for \(1\le i\le j\) are accepted by \(\mathsf {Verify}(pk, m_i, \sigma (m_i))\).

    Then the probability, taken over the coin-flips of the key-generation algorithm, the coin-flips of \(\mathcal {A}\), and the (private) coin-flips of the Signer, that \(j >\ell \) is negligible.

For the following security analysis, we make an assumption which can reasonably be expected to hold in practice. We assume that on average the users have the same total access times (i.e., during the registration, n is the same for every user), and access the MCS system with the same frequency. This implies that at every given point in time, there will be a similar number of users with each possible number of remaining access times (i.e., \(\ell \)). In other words, the number of remaining access times for a user is equally likely to be any number between 1 and n (i.e., \(1\le \ell \le n\)).

In addition, we assume that Chaum’s blind signature scheme [8] is secure in terms of blindness and unforgeability.

During MCS, the platform sees only the anonymous certificates and anonymous reputations, i.e., the blind signatures, used in MCS. We claim that the MCS platform learns nothing from the blind signatures themselves other than the number of participations of the mobile user and the reputation level of the mobile user in MCS.

First, let us analyse the anonymity of the proposed protocol with a game according to Definition 1 in Sect. 2. For this security analysis, we assume that the MCS platform is malicious and tries to identify the mobile user.

Given two mobile users \(U_0\) and \(U_1\), assume that the MCS platform runs the registration protocol with them, respectively, to issue blind signatures to them for anonymous authentication.

Let us choose a bit b randomly.

In the authentication phase, the mobile user \(U_b\) submits the authentication request \(\{MCS, D_b,E_{k_b}(MCS,(\ell _b,m_b, C_{a,b}),A_{a,b}')\}\) to the platform. The platform can derive the secret key \(k_b\) from \(D_b\) with its private key \(d_a\) and perform decryption to obtain the anonymous certificate \(\{\ell _b,m_b,C_{a,b}\}\). Due to the blindness property of Chaum’s blind signature, the platform cannot tell if the blind signature is from the mobile user \(U_0\) or \(U_1\).

In the task assignment phase, the mobile user \(U_b\) submits to the MCS platform a task request \(\{MCS,D_b, E_{k_b}(MCS, (\lambda _b, M_b, C_{r,b}),A_{r,b}', T_b)\}\). With \(k_b\) corresponding to \(D_b\), the platform performs decryption to obtain the anonymous reputation \(\{\lambda _b, M_b, C_{r,b}\}\). Due to the blindness property of Chaum’s blind signature, the MCS platform cannot tell if the blind signature is from the mobile user \(U_0\) or \(U_1\).

In the report and reward phase, the mobile user does not submit any blind signature to the MCS platform. The MCS platform has no way to distinguish the mobile users in this phase.

Based on the above security analysis, according to Definition 1 for anonymity, we conclude that

Theorem 1

The proposed LPP protocol has anonymity if Chaum’s blind signature has blindness.

Next, let us analyse the unlinkability of the proposed protocol with a game.

Given two mobile users \(U_0\) and \(U_1\), assume that the platform runs the protocol with \(U_0\) and \(U_1\), respectively, and keeps two anonymous certificates and two anonymous reputations: \(\{\ell _0, m_0,C_{a,0}\}\) and \(\{\ell _0, M_0,C_{a,0}\}\) from \(U_0\), \(\{\ell _1, m_1, C_{a,1}\}\) and \(\{\ell _1, M_1,C_{a,1}\}\) from \(U_1\).

Next, let us choose a bit b randomly. User \(U_b\) runs the protocol with the MCS platform again and provides the MCS platform with anonymous certificate and anonymous reputation: \(\{\ell _b', m_b',C_{a,b}'\}\) and \(\{\ell _b', M_b',C_{a,b}'\}\).

Due to the blindness property of Chaum’s blind signature, the MCS platform cannot tell if the blind signatures \(\{\ell _b', m_b',C_{a,b}'\}\) and \(\{\ell _b', M_b',C_{a,b}'\}\) are from the mobile user \(U_0\) or \(U_1\). Based on the above analysis, according to Definition 2 for unlinkability, we conclude that

Theorem 2

The proposed LPP protocol has unlinkability if Chaum’s blind signature has blindness.

Finally, let us analyse the unforgeability of the proposed protocol with a game.

For this analysis, we assume a group of mobile users are malicious. For simplicity, we consider anonymous certificates only at first and then we can easily extend the security analysis for anonymous reputation, because both of them are blind signatures anyway.

In the proposed LPP protocol, a valid anonymous certificate takes the form of \(\{\ell , m,C=H(MCS, m)^{(2\ell +1)^{-1}d_a}\}\) for \(\ell =1,2,\cdots \). Assume that the adversary is given t valid anonymous certificates \(\{\ell _i, m_i,C_i\}\) for \(i=1,2,\cdots ,t\). If the adversary can generate a new anonymous certificate that is different from the given t anonymous certificates, he wins the game.

Among the given t valid anonymous certificates, if \(\ell _1=\ell _2=\cdots =\ell _t=\ell \), the adversary cannot forge any new anonymous certificate because Chaum’s blind signature for the public key \((2\ell +1)e_a\) has unforgeability.

Among the given t valid anonymous certificates, if we group certificates on the basis of the public key \((2\ell +1)e_a\), the adversary cannot forge any new certificate in any group with the same public key because Chaum’s blind signature for the public key \((2\ell +1)e_a\) has unforgeability.

Now let us consider the possibility of forging a new anonymous certificate across the groups, i.e., how to forge a new anonymous certificate \(\{\ell ', m',C'=H(MCS, m')^{(2\ell '+1)^{-1}d_a}\}\) from two anonymous certificates \(\{\ell _1,m_1,C_1\}\) such that \(C_1=H(MCS, m_1)^{(2\ell _1+1)^{-1}d_a} \pmod {N}\) and \(\{\ell _2, m_2,C_2\}\) such that \(C_2=H(MCS, m_2)^{(2\ell _2+1)^{-1}d_a} \pmod {N}\), where \(\ell _1\not =\ell _2\).

Because the hash function H is collision-resistant, from \(H(MCS,m_1)^{(2\ell _1+1)^{-1}d_a}\) and \(H(MCS, m_2)^{(2\ell _2+1)^{-1}d_a}\), it is hard to forge a new anonymous certificate (\(\ell ',m',C'\)) as follows.

  • \(C'=H(MCS, m_1)^{(2\ell '+1)^{-1}d_a} \pmod {N}\) for some \(\ell '\), such that \(\ell '\not =\ell _1\).

  • \(C'=H(MCS,m_2)^{(2\ell '+1)^{-1}d_a} \pmod {N}\) for some \(\ell '\), such that \(\ell '\not =\ell _2\).

  • \(C'=H(MCS,m')^{(2\ell '+1)^{-1}d_a} \pmod {N}\) for some \(\ell '\), such that \(m'\not =m_1\) and \(m'\not =m_2\).

In view of this, we conclude that

Theorem 3

The proposed LPP protocol has unforgeability if Chaum’s blind signature has unforgeability and the hash function H is collision-resistant.
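The certificate form used in the unforgeability analysis above, \(C=H(MCS,m)^{(2\ell +1)^{-1}d_a}\) checked under the public key \((2\ell +1)e_a\), can be exercised with the following added Python example, which is not the authors' code. It assumes toy safe primes, SHA-256 reduced mod N as the hash H, the standard Chaum blinding factor r, and hypothetical function names.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: two small safe primes, so phi(N) = 4 * 1439 * 1499
# and every small odd 2*l + 1 is invertible mod phi(N). Not a secure key size.
P, Q = 2879, 2999
N, PHI = P * Q, (P - 1) * (Q - 1)
E_A = 65537                      # platform's public exponent e_a
D_A = pow(E_A, -1, PHI)          # platform's private exponent d_a


def H(m):
    """H(MCS, m): SHA-256 reduced mod N (assumed hash-to-Z_N encoding)."""
    return int.from_bytes(hashlib.sha256(b"MCS|" + m).digest(), "big") % N


def public_exp(ell):
    """Public key (2l+1) * e_a for the remaining-access count l."""
    return (2 * ell + 1) * E_A


def blind(m, ell, r=None):
    """User side: hide H(MCS, m) behind a blinding factor r coprime to N."""
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (H(m) * pow(r, public_exp(ell), N)) % N, r


def sign_blinded(blinded, ell):
    """Platform side: raise to (2l+1)^{-1} * d_a without ever seeing m."""
    d_ell = (pow(2 * ell + 1, -1, PHI) * D_A) % PHI
    return pow(blinded, d_ell, N)


def unblind(signed, r):
    """User side: strip r to obtain C = H(MCS, m)^((2l+1)^{-1} d_a) mod N."""
    return (signed * pow(r, -1, N)) % N


def verify(ell, m, c):
    """Accept {l, m, C} iff C^((2l+1) e_a) == H(MCS, m) mod N."""
    return pow(c, public_exp(ell), N) == H(m)


def issue(m, ell, r=None):
    """Run one issuance; return (value the platform saw, certificate C)."""
    blinded, r = blind(m, ell, r)
    return blinded, unblind(sign_blinded(blinded, ell), r)


if __name__ == "__main__":
    m = b"constructed-serial-0001"   # constructed sample message
    seen, c = issue(m, ell=3)
    print("platform saw:", seen, "certificate C:", c)
    print("verifies with l=3:", verify(3, m, c))
    print("verifies with l=4:", verify(4, m, c))
```

A certificate issued in the group for one value of \(\ell \) fails verification under any other group's public key, which is the cross-group case the analysis considers.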


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Yi, X., Lam, KY., Bertino, E., Rao, FY. (2019). Location Privacy-Preserving Mobile Crowd Sensing with Anonymous Reputation. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science, vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_19

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_19


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer Science (R0)